- fixed host-host tunnel traffic selection, host-host works now
This commit is contained in:
parent
1df544d063
commit
bd72398729
|
@ -24,6 +24,7 @@
|
|||
|
||||
#include <utils/linked_list.h>
|
||||
#include <utils/identification.h>
|
||||
#include <utils/logger_manager.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <string.h>
|
||||
|
||||
|
@ -72,6 +73,11 @@ struct private_traffic_selector_t {
|
|||
* end of port range
|
||||
*/
|
||||
u_int16_t to_port;
|
||||
|
||||
/**
|
||||
* Logger reference
|
||||
*/
|
||||
logger_t *logger;
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -92,12 +98,18 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
|
|||
u_int16_t from_port, to_port;
|
||||
private_traffic_selector_t *new_ts;
|
||||
|
||||
/* TODO: make output more human readable */
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2,
|
||||
"matching traffic selector ranges %x:%d-%x:%d <=> %x:%d-%x:%d",
|
||||
this->from_addr_ipv4, this->from_port, this->to_addr_ipv4, this->to_port,
|
||||
other->from_addr_ipv4, other->from_port, other->to_addr_ipv4, other->to_port);
|
||||
/* calculate the maximum address range allowed for both */
|
||||
from_addr = max(this->from_addr_ipv4, other->from_addr_ipv4);
|
||||
to_addr = min(this->to_addr_ipv4, other->to_addr_ipv4);
|
||||
if (from_addr > to_addr)
|
||||
{
|
||||
/* no match */
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2,
|
||||
"no match in address range");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -106,7 +118,8 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
|
|||
to_port = min(this->to_port, other->to_port);
|
||||
if (from_port > to_port)
|
||||
{
|
||||
/* no match */
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2,
|
||||
"no match in port range");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -115,6 +128,10 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
|
|||
new_ts->from_addr_ipv4 = from_addr;
|
||||
new_ts->to_addr_ipv4 = to_addr;
|
||||
new_ts->type = TS_IPV4_ADDR_RANGE;
|
||||
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2,
|
||||
"got a match: %x:%d-%x:%d",
|
||||
new_ts->from_addr_ipv4, new_ts->from_port, new_ts->to_addr_ipv4, new_ts->to_port);
|
||||
return &(new_ts->public);
|
||||
}
|
||||
return NULL;
|
||||
|
@ -256,7 +273,7 @@ static void update_address_range(private_traffic_selector_t *this, host_t *host)
|
|||
/**
|
||||
* Implements traffic_selector_t.clone.
|
||||
*/
|
||||
static traffic_selector_t *clone(private_traffic_selector_t *this)
|
||||
static traffic_selector_t *clone_(private_traffic_selector_t *this)
|
||||
{
|
||||
private_traffic_selector_t *clone = traffic_selector_create(this->protocol, this->type, this->from_port, this->to_port);
|
||||
clone->type = this->type;
|
||||
|
@ -335,8 +352,8 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t ne
|
|||
this->from_addr_ipv4 = ntohl(*((u_int32_t*)from.ptr));
|
||||
if (this->from_addr_ipv4 == 0)
|
||||
{
|
||||
/* use /32 for 0.0.0.0 */
|
||||
this->to_addr_ipv4 = 0xFFFFFF;
|
||||
/* use /0 for 0.0.0.0 */
|
||||
this->to_addr_ipv4 = ~0;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -413,13 +430,14 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts
|
|||
this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol;
|
||||
this->public.get_netmask = (u_int8_t(*)(traffic_selector_t*))get_netmask;
|
||||
this->public.update_address_range = (void(*)(traffic_selector_t*,host_t*))update_address_range;
|
||||
this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone;
|
||||
this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_;
|
||||
this->public.destroy = (void(*)(traffic_selector_t*))destroy;
|
||||
|
||||
this->from_port = from_port;
|
||||
this->to_port = to_port;
|
||||
this->protocol = protocol;
|
||||
this->type = type;
|
||||
this->logger = logger_manager->get_logger(logger_manager, CONFIG);
|
||||
|
||||
return this;
|
||||
}
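Review bot: The `if (this->from_addr_ipv4 == 0)` special case in traffic_selector_create_from_subnet now widens every 0.0.0.0/N input to the full range, because `this->to_addr_ipv4 = ~0;` is taken without looking at the prefix-length argument (its name is cut off in the hunk header, `u_int8_t ne…`); `~0` is the right replacement for the old 24-bit `0xFFFFFF`, but the widening should be keyed on a zero-length prefix, e.g. `if (this->from_addr_ipv4 == 0 && netbits == 0)` (adjust to the real parameter name), letting other lengths fall through to the `else` branch below the hunk. If the address test exists to avoid a 32-bit shift in that `else` branch for a zero-length prefix, that is one more reason to test the prefix length rather than the address. Writing the constant as `0xFFFFFFFFU` would also make the 32-bit intent explicit instead of relying on the conversion of the signed `~0` into `u_int32_t`. The body of traffic_selector_create_from_subnet continues outside the hunk.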
|
||||
|
|
|
@ -318,7 +318,7 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i
|
|||
{
|
||||
this->logger->log(this->logger, CONTROL, "No CHILD_SA requested, no CHILD_SA built");
|
||||
}
|
||||
if (!this->proposal)
|
||||
else if (!this->proposal)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL, "Proposal negotiation failed, no CHILD_SA built");
|
||||
this->child_sa->destroy(this->child_sa);
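Review bot: The change to `else if (!this->proposal)` makes the two cleanup paths mutually exclusive, which is only safe if the preceding condition implies that no CHILD_SA object was created; that condition and the start of process_message are outside the hunk, so please confirm it. In the branch that remains, `this->child_sa->destroy(this->child_sa);` is not followed within the visible lines by `this->child_sa = NULL;` — if the state's destructor or a later state also releases child_sa, that is a double free, so either add the reset on the next line or note here why the pointer is known not to be touched again.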
|
||||
|
|
|
@ -225,7 +225,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
u_int64_t responder_spi;
|
||||
ike_sa_id_t *ike_sa_id;
|
||||
iterator_t *payloads;
|
||||
host_t *me;
|
||||
host_t *me, *other;
|
||||
connection_t *connection;
|
||||
policy_t *policy;
|
||||
|
||||
|
@ -357,9 +357,12 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
/* apply the address on wich we really received the packet */
|
||||
connection = this->ike_sa->get_connection(this->ike_sa);
|
||||
me = ike_sa_init_reply->get_destination(ike_sa_init_reply);
|
||||
other = ike_sa_init_reply->get_source(ike_sa_init_reply);
|
||||
connection->update_my_host(connection, me->clone(me));
|
||||
connection->update_other_host(connection, other->clone(other));
|
||||
policy = this->ike_sa->get_policy(this->ike_sa);
|
||||
policy->update_my_ts(policy, me);
|
||||
policy->update_other_ts(policy, other);
|
||||
|
||||
/* build empty message */
|
||||
this->ike_sa->build_message(this->ike_sa, IKE_AUTH, TRUE, &request);
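Review bot: `other` is taken from the source address of the IKE_SA_INIT reply, which is not yet authenticated at this point (the IKE_AUTH request is only built on the `build_message(..., IKE_AUTH, TRUE, &request)` line that follows), and it is written straight into the connection via `update_other_host` and into the policy's traffic selectors via `update_other_ts`; a spoofed or NAT-rewritten reply therefore replaces the configured peer address and the negotiated TS before any authentication has happened. Consider restricting the rewrite to the case where the configured other host is a wildcard, or deferring the TS update until IKE_AUTH has verified the peer, and at least log the old and new address at `CONTROL` so the substitution is visible. `me` and `other` are cloned for `update_my_host`/`update_other_host` but passed uncloned to `update_my_ts`/`update_other_ts`; since both pointers are owned by `ike_sa_init_reply`, confirm that the policy copies the host rather than storing the pointer, or clone there too for consistency. process_message starts and ends outside the hunk.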
|
||||
|
|
|
@ -411,6 +411,7 @@ static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payl
|
|||
my_id = this->policy->get_my_id(this->policy);
|
||||
|
||||
/* update others traffic selectors with actually used address */
|
||||
this->policy->update_my_ts(this->policy, response->get_source(response));
|
||||
this->policy->update_other_ts(this->policy, response->get_destination(response));
|
||||
|
||||
/* set policy in ike_sa for other states */
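Review bot: The new comment `/* update others traffic selectors with actually used address */` does not match the code under it, which updates both sides: `update_my_ts` with `response->get_source(response)` and `update_other_ts` with `response->get_destination(response)`; I would write `/* rewrite both traffic selectors with the addresses actually used for this exchange */`. The rewrite also sits inside build_idr_payload, a function named for constructing the IDr payload, so a reader looking for where the policy is mutated will not find it here — moving the two calls next to the `/* set policy in ike_sa for other states */` step, or noting the side effect in build_idr_payload's header comment, would help. Whether the initiator has been authenticated before this point cannot be seen in the hunk; if it has not, the same concern as on the initiator side applies to `get_destination(response)`. build_idr_payload starts and ends outside the hunk.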
|
||||
|
|